Design/Logic Flaw
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents...
Privilege escalation
LogicalDoc Community Edition 7.5.3 and prior contain incorrect access control which could lead to privilege escalation...
Hardcoded credentials
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document...
CVE-2017-1000021
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents...
CVE-2017-1000022
LogicalDoc Community Edition 7.5.3 and prior contain incorrect access control which could lead to privilege escalation...
CVE-2017-1000023
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document...
CVE-2017-1000022
The CVE-2017-1000022 entry concerns LogicalDoc Community Edition 7.5.3 and earlier, where an incorrect access control issue can lead to privilege escalation. Public references across NVD and CNVD describe the vulnerability as an elevation of privileges due to improper rights management within the...
CVE-2017-1000021
LogicalDoc Community Edition 7.5.3 and earlier is vulnerable to an XML External Entity (XXE) issue when indexing XML documents. The CNVD entry CNVD-2017-24536 identifies this as an XML injection vulnerability affecting the same version range; CNVD-2017-24537 covers a related cross-site scripting ...
CVE-2017-1000023
Affected software: LogicalDoc Community Edition (Java-based DMS) prior to 7.5.3. Vulnerability: Cross-site scripting (XSS) in the HTML document preview feature. Root cause: improper sanitization/execution of user-controlled content in the preview flow (document HTML preview). Impact: attacker ...